The U.S. House of Representatives may vote on a controversial cyberthreat information sharing bill this week, despite major privacy concerns from many digital rights groups and security researchers.

The Protecting Cyber Networks Act "seriously threatens privacy and civil liberties, and would undermine cybersecurity, rather than enhance it," said a letter sent this week by 55 digital and civil liberties groups, security researchers and academics.

The PCNA, one of two cybersecurity bills that the House may vote on this week, would come to the House floor about a month after it was introduced, an unusually fast process for legislation. Without holding any public hearings on the bill, the House of Representatives Intelligence Committee voted to approve the bill in late March, just two days after it was introduced.

The bill would protect from consumer lawsuits those companies that share cyberthreat information with each other or with government agencies. Proponents of the cyberthreat information-sharing bills, including many tech companies, argue that more sharing of cyberthreat information can help businesses better respond to attacks, but victims of cyberattacks need assurances that information sharing won't lead to legal problems.

But the bill would also authorize companies to expand their monitoring of users' or customers' online activities and permit them to share "vaguely defined" cyberthreat indicators, said the letter from bill opponents, including the American Civil Liberties Union, Free Press, the Electronic Frontier Foundation and the New America Foundation's Open Technology Institute.

The PCNA would also require federal agencies to share all cyberthreat indicators they receive with the U.S. National Security Agency and any other agencies, and would allow law enforcement agencies to use the shared information for several crimes and activities that "have nothing to do with cybersecurity," the letter said.

The bill would also allow companies to deploy "invasive countermeasures, euphemistically called defensive measures," the letter said. Those defensive measures could harm innocent people not involved in cyberattacks and could undermine cybersecurity, the groups said.

While the digital rights and civil liberties groups oppose the bill, three telecom industry trade groups wrote Congress in support of it. The PCNA, along with another cyberthreat information sharing bill being considered by the House, "would provide critically important authorizations for real-time sharing" among private companies and between private companies and the government, said the letter, from CTIA, the National Cable and Telecommunications Association and the United States Telecom Association.

The House Intelligence Committee has defended the PCNA, disputing allegations that it's a surveillance bill as much as a cybersecurity bill.

The bill does not require companies to share information; it only allows voluntary sharing, the committee said in a fact sheet about the PCNA.

"The bill has nothing to do with government surveillance; rather, it provides narrow authority for the government and the private sector to share anonymous cyber threat information," according to the fact sheet. "The bill expressly does not give authority to companies to send information directly to the NSA or the military."

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.